Major privacy breach at DHB

The Bay of Plenty District Health Board has sacked a
"trusted" staff member for breaching the privacy of nearly 50
patients.

The staff member was sacked after the board launched a
four-month investigation following allegations the staff
member had access to clinical records and "used them for her
own purposes".

The Bay of Plenty Times understands the staff member
was accessing private files and then discussing patient
details in casual conversation with other staff.

During the investigation the staff member remained employed
at the health board, working at the same desk and computer
she used to access the patients' files.

The district health board confirmed 48 patients were
contacted and advised their privacy might have been breached.
The breaches occurred over a four-year period.

District health board general manager governance and
quality/privacy officer Gail Bingham said the staff member
committed "serious misconduct", resulting in termination of
their employment.

Ms Bingham would not comment on the staff member's name or
the department they worked in.

"Unfortunately a trusted employee with employment-related
access to clinical records has chosen to abuse their position
and access the system for their own purposes."

Until the investigation was completed no specific charges of
serious misconduct could be made and the staff member
continued in their work during that time, Ms Bingham said.

However, her access was closely monitored during this period
to ensure her access to clinical records was for legitimate
work purposes only.

In the review the board matched every access to clinical
records the individual had in her role against those
patients' attendance at/or admission to hospital. The
investigation identified 48 breaches and the board is
satisfied no further breaches occurred, Ms Bingham said.

A patient who received a letter last month informing her of
the breach said she still had questions about what had
occurred.

"It was like 'we're investigating a breach of privacy, have a
nice day'. I was just like 'what the heck'. Why would this
person want to access my medical files? I don't know what
she's looking at."

She said the breaches could be traumatic for vulnerable
patients.

A district health board employee said she was concerned the
board failed to respond appropriately to the breaches.

"In that four-and-a-half months she was still there at her
computer. She could have still been delving into files," the
source said.

"We don't know why she did it but she had a huge mouth."

The source said the woman brought up patients' details in
conversations.

This raised concern among other employees about the type of
information the staff member had access to and management was
informed.

"It's just not fair," the source said. "Too many people were
affected and why should everyone else be under suspicion?"

The source did not want to be identified for fear of losing
her job but felt upset enough to speak out.

"I really think it needs to be brought out into the open. I
think they need to say sorry."

The letter sent to victims apologised for the breaches,
saying the staff member breached both the Privacy Code and
the Bay of Plenty District Health Board's own policy.